Why was the term “discrete” used in discrete logarithm? Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Trying to better understand the failure of the Index Calculus for ECDLPWhat is so special about elliptic curves?Why is the discrete logarithm problem assumed to be hard?What is the difference between discrete logarithm and logarithm?Calculating the discrete logarithmWhy is NON DISCRETE logarithm problem not hard as the DISCRETE logarithm problem (so computationally hard)?How to construct a hash function into a cyclic group such that its discrete log is intractable?Discrete logarithm key sizes for very short term usageDiscrete Logarithm NotationDescribing Discrete Logarithm Assumption
When to stop saving and start investing?
Did Xerox really develop the first LAN?
Is there a documented rationale why the House Ways and Means chairman can demand tax info?
macOS-like app switching in Plasma 5
Can Pao de Queijo, and similar foods, be kosher for Passover?
How much radiation do nuclear physics experiments expose researchers to nowadays?
What makes black pepper strong or mild?
When is phishing education going too far?
Do you forfeit tax refunds/credits if you aren't required to and don't file by April 15?
Gastric acid as a weapon
What is the longest distance a 13th-level monk can jump while attacking on the same turn?
Why is black pepper both grey and black?
How does a biquinary adder work?
Right-skewed distribution with mean equals to mode?
Marking the functions of a sentence: 'She may like it'
How to draw this diagram using TikZ package?
List *all* the tuples!
Why don't the Weasley twins use magic outside of school if the Trace can only find the location of spells cast?
Do I really need recursive chmod to restrict access to a folder?
Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?
Sorting numerically
Can a non-EU citizen traveling with me come with me through the EU passport line?
What causes the vertical darker bands in my photo?
What is a quick way to find the reverse complement in bash
Why was the term “discrete” used in discrete logarithm?
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Trying to better understand the failure of the Index Calculus for ECDLPWhat is so special about elliptic curves?Why is the discrete logarithm problem assumed to be hard?What is the difference between discrete logarithm and logarithm?Calculating the discrete logarithmWhy is NON DISCRETE logarithm problem not hard as the DISCRETE logarithm problem (so computationally hard)?How to construct a hash function into a cyclic group such that its discrete log is intractable?Discrete logarithm key sizes for very short term usageDiscrete Logarithm NotationDescribing Discrete Logarithm Assumption
$begingroup$
Is there anything especially "discrete" about a discrete logarithm? This is not a question of what is a discrete logarithm or why the discrete logarithm problem is an "intractable problem" given certain circumstances. I'm just trying to determine if there's some additional meaning to the term "discrete" as it's used in name discrete logarithm?
The definition of "discrete" is "individually separate and distinct". Could it be that the term "discrete" is a reference to the least non-negative residues of a modulus or the order of points for a particular cyclic group on an elliptic curve?
discrete-logarithm terminology
asked 43 mins ago
JohnGaltJohnGalt
22616
$endgroup$
add a comment |
$begingroup$
Is there anything especially "discrete" about a discrete logarithm? This is not a question of what is a discrete logarithm or why the discrete logarithm problem is an "intractable problem" given certain circumstances. I'm just trying to determine if there's some additional meaning to the term "discrete" as it's used in name discrete logarithm?
The definition of "discrete" is "individually separate and distinct". Could it be that the term "discrete" is a reference to the least non-negative residues of a modulus or the order of points for a particular cyclic group on an elliptic curve?
discrete-logarithm terminology
asked 43 mins ago
JohnGaltJohnGalt
22616
$endgroup$
1
$begingroup$
Traditional logarithm: answer is a real or complex number. Discrete logarithm: answer is an element of a finite set $mathbbZ_n$.
$endgroup$
– Mikero
34 mins ago
add a comment |
$begingroup$
Is there anything especially "discrete" about a discrete logarithm? This is not a question of what is a discrete logarithm or why the discrete logarithm problem is an "intractable problem" given certain circumstances. I'm just trying to determine if there's some additional meaning to the term "discrete" as it's used in name discrete logarithm?
The definition of "discrete" is "individually separate and distinct". Could it be that the term "discrete" is a reference to the least non-negative residues of a modulus or the order of points for a particular cyclic group on an elliptic curve?
discrete-logarithm terminology
asked 43 mins ago
JohnGaltJohnGalt
22616
$endgroup$
Is there anything especially "discrete" about a discrete logarithm? This is not a question of what is a discrete logarithm or why the discrete logarithm problem is an "intractable problem" given certain circumstances. I'm just trying to determine if there's some additional meaning to the term "discrete" as it's used in name discrete logarithm?
The definition of "discrete" is "individually separate and distinct". Could it be that the term "discrete" is a reference to the least non-negative residues of a modulus or the order of points for a particular cyclic group on an elliptic curve?
discrete-logarithm terminology
discrete-logarithm terminology
asked 43 mins ago
JohnGaltJohnGalt
22616
asked 43 mins ago
JohnGaltJohnGalt
22616
asked 43 mins ago
JohnGaltJohnGalt
22616
asked 43 mins ago
JohnGaltJohnGalt
22616
asked 43 mins ago
JohnGaltJohnGalt
22616
22616
1
$begingroup$
Traditional logarithm: answer is a real or complex number. Discrete logarithm: answer is an element of a finite set $mathbbZ_n$.
$endgroup$
– Mikero
34 mins ago
add a comment |
1
$begingroup$
Traditional logarithm: answer is a real or complex number. Discrete logarithm: answer is an element of a finite set $mathbbZ_n$.
$endgroup$
– Mikero
34 mins ago
1
1
$begingroup$
Traditional logarithm: answer is a real or complex number. Discrete logarithm: answer is an element of a finite set $mathbbZ_n$.
$endgroup$
– Mikero
34 mins ago
$begingroup$
Traditional logarithm: answer is a real or complex number. Discrete logarithm: answer is an element of a finite set $mathbbZ_n$.
$endgroup$
– Mikero
34 mins ago
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
The word discrete is used as an antonym of 'continuous', that is, it is the normal logarithmic problem, just over a discrete group.
The standard logarithmic problem is over the infinite group $mathbbR^*$, this group is called 'continuous', because for any element $x$, there are other elements that are arbitrarily close to it.
The discrete logarithmic problem is over a finite group (for example, $mathbbZ_p^*$); in contrast to $mathbbR^*$, we don't have group elements arbitrarily close together; we call this type of group 'discrete'.
answered 35 mins ago
ponchoponcho
94.2k2148247
$endgroup$
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
1
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
1
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
add a comment |
$begingroup$
While I agree completely with poncho's answer, this other viewpoint might be useful.
Specifically, I think a better comparison isn't between $mathbbZ_p^*$ and $mathbbR^*$, but with $mathbbZ_p^*$ and $S^1$. We can view $S^1 cong zinmathbbC mid $. It's not hard to show that any $zin S^1$ is able to be written as $z = exp(2pi i t)$ for $tinmathbbR$ (we don't strictly need the factor $2pi$ here, but it's traditional). Due to $exp(x)$ being periodic, it's in fact enough to have $tin[0,1)$.
This has an obvious group structure, in that:
$$exp(2pi i t_0)exp(2pi i t_1) = exp(2pi i (t_0+t_1))$$
If we're making the restriction that $t_iin[0,1)$, then we have to take $t_0+t_1mod 1$, but this is fairly standard.
More than just having an obvious group structure, we actually have that any $mathbbZ_p^*$ injects into it.
Specifically, we always have:
$$
phi_p:mathbbZ_p^*to S^1,quad phi_p(x) = exp(2pi i x/(p-1))
$$
Here, $p-1$ in the denominator is because $|mathbbZ_p^*| = p-1$.
We can define the discrete logarithm problem for both of these groups in the standard way (here, it's important to restrict $t_iin[0, 1)$ if we want a unique answer).
Then, we can relate these problems to each via the aforementioned injection.
Through this image, we see that $S^1$ is "continuous" in the sense that it takes up the full circle, but the image of $mathbbZ_p^*$ in $S^1$ will always be "discrete" --- there will always be "some space" between points (they can't get arbitrarily close).
answered 4 mins ago
MarkMark
1534
$endgroup$
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68801%2fwhy-was-the-term-discrete-used-in-discrete-logarithm%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
The word discrete is used as an antonym of 'continuous', that is, it is the normal logarithmic problem, just over a discrete group.
The standard logarithmic problem is over the infinite group $mathbbR^*$, this group is called 'continuous', because for any element $x$, there are other elements that are arbitrarily close to it.
The discrete logarithmic problem is over a finite group (for example, $mathbbZ_p^*$); in contrast to $mathbbR^*$, we don't have group elements arbitrarily close together; we call this type of group 'discrete'.
answered 35 mins ago
ponchoponcho
94.2k2148247
$endgroup$
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
1
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
1
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
add a comment |
$begingroup$
The word discrete is used as an antonym of 'continuous', that is, it is the normal logarithmic problem, just over a discrete group.
The standard logarithmic problem is over the infinite group $mathbbR^*$, this group is called 'continuous', because for any element $x$, there are other elements that are arbitrarily close to it.
The discrete logarithmic problem is over a finite group (for example, $mathbbZ_p^*$); in contrast to $mathbbR^*$, we don't have group elements arbitrarily close together; we call this type of group 'discrete'.
answered 35 mins ago
ponchoponcho
94.2k2148247
$endgroup$
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
1
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
1
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
add a comment |
$begingroup$
The word discrete is used as an antonym of 'continuous', that is, it is the normal logarithmic problem, just over a discrete group.
The standard logarithmic problem is over the infinite group $mathbbR^*$, this group is called 'continuous', because for any element $x$, there are other elements that are arbitrarily close to it.
The discrete logarithmic problem is over a finite group (for example, $mathbbZ_p^*$); in contrast to $mathbbR^*$, we don't have group elements arbitrarily close together; we call this type of group 'discrete'.
answered 35 mins ago
ponchoponcho
94.2k2148247
$endgroup$
The word discrete is used as an antonym of 'continuous', that is, it is the normal logarithmic problem, just over a discrete group.
The standard logarithmic problem is over the infinite group $mathbbR^*$, this group is called 'continuous', because for any element $x$, there are other elements that are arbitrarily close to it.
The discrete logarithmic problem is over a finite group (for example, $mathbbZ_p^*$); in contrast to $mathbbR^*$, we don't have group elements arbitrarily close together; we call this type of group 'discrete'.
answered 35 mins ago
ponchoponcho
94.2k2148247
answered 35 mins ago
ponchoponcho
94.2k2148247
answered 35 mins ago
ponchoponcho
94.2k2148247
answered 35 mins ago
ponchoponcho
94.2k2148247
94.2k2148247
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
1
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
1
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
add a comment |
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
1
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
1
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
Would it be accurate to say that the fact that the group is discrete in a discrete logarithm, isn't what makes them useful in say DH, but instead other properties? For example, a useful property of a discrete group (in connection with DH) when the modulus and base are chosen wisely is that computing the exponent used to exponentiate a power can be made computationally infeasible (e.g. DLP)? Or is there some connection between the non-continuous nature of the discrete group that enables the intractability of DLP?
$endgroup$
– JohnGalt
13 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
$begingroup$
When I said "made computationally infeasible (e.g. DLP)?" It should have been "made computationally infeasible to reverse (e.g. DLP)?"
$endgroup$
– JohnGalt
4 mins ago
1
1
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
$begingroup$
yes, being discrete is not the "core reason" why dlp can be hard - although note that if we are to ever use the crypto we build on a computer, things better be discrete - at best, we can only approximate a continuous primitive in a discrete way.
$endgroup$
– Geoffroy Couteau
1 min ago
1
1
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
$begingroup$
@JohnGalt The hard part of the DLP is the modular reduction "hiding" how many times you've "wrapped around". Without modular reduction, you can do some sort of "binary search" to get accurate lower/upper bounds to the discrete log rather efficiently.
$endgroup$
– Mark
1 min ago
add a comment |
$begingroup$
While I agree completely with poncho's answer, this other viewpoint might be useful.
Specifically, I think a better comparison isn't between $mathbbZ_p^*$ and $mathbbR^*$, but with $mathbbZ_p^*$ and $S^1$. We can view $S^1 cong zinmathbbC mid $. It's not hard to show that any $zin S^1$ is able to be written as $z = exp(2pi i t)$ for $tinmathbbR$ (we don't strictly need the factor $2pi$ here, but it's traditional). Due to $exp(x)$ being periodic, it's in fact enough to have $tin[0,1)$.
This has an obvious group structure, in that:
$$exp(2pi i t_0)exp(2pi i t_1) = exp(2pi i (t_0+t_1))$$
If we're making the restriction that $t_iin[0,1)$, then we have to take $t_0+t_1mod 1$, but this is fairly standard.
More than just having an obvious group structure, we actually have that any $mathbbZ_p^*$ injects into it.
Specifically, we always have:
$$
phi_p:mathbbZ_p^*to S^1,quad phi_p(x) = exp(2pi i x/(p-1))
$$
Here, $p-1$ in the denominator is because $|mathbbZ_p^*| = p-1$.
We can define the discrete logarithm problem for both of these groups in the standard way (here, it's important to restrict $t_iin[0, 1)$ if we want a unique answer).
Then, we can relate these problems to each via the aforementioned injection.
Through this image, we see that $S^1$ is "continuous" in the sense that it takes up the full circle, but the image of $mathbbZ_p^*$ in $S^1$ will always be "discrete" --- there will always be "some space" between points (they can't get arbitrarily close).
answered 4 mins ago
MarkMark
1534
$endgroup$
add a comment |
$begingroup$
While I agree completely with poncho's answer, this other viewpoint might be useful.
Specifically, I think a better comparison isn't between $mathbbZ_p^*$ and $mathbbR^*$, but with $mathbbZ_p^*$ and $S^1$. We can view $S^1 cong zinmathbbC mid $. It's not hard to show that any $zin S^1$ is able to be written as $z = exp(2pi i t)$ for $tinmathbbR$ (we don't strictly need the factor $2pi$ here, but it's traditional). Due to $exp(x)$ being periodic, it's in fact enough to have $tin[0,1)$.
This has an obvious group structure, in that:
$$exp(2pi i t_0)exp(2pi i t_1) = exp(2pi i (t_0+t_1))$$
If we're making the restriction that $t_iin[0,1)$, then we have to take $t_0+t_1mod 1$, but this is fairly standard.
More than just having an obvious group structure, we actually have that any $mathbbZ_p^*$ injects into it.
Specifically, we always have:
$$
phi_p:mathbbZ_p^*to S^1,quad phi_p(x) = exp(2pi i x/(p-1))
$$
Here, $p-1$ in the denominator is because $|mathbbZ_p^*| = p-1$.
We can define the discrete logarithm problem for both of these groups in the standard way (here, it's important to restrict $t_iin[0, 1)$ if we want a unique answer).
Then, we can relate these problems to each via the aforementioned injection.
Through this image, we see that $S^1$ is "continuous" in the sense that it takes up the full circle, but the image of $mathbbZ_p^*$ in $S^1$ will always be "discrete" --- there will always be "some space" between points (they can't get arbitrarily close).
answered 4 mins ago
MarkMark
1534
$endgroup$
add a comment |
$begingroup$
While I agree completely with poncho's answer, this other viewpoint might be useful.
Specifically, I think a better comparison isn't between $mathbbZ_p^*$ and $mathbbR^*$, but with $mathbbZ_p^*$ and $S^1$. We can view $S^1 cong zinmathbbC mid $. It's not hard to show that any $zin S^1$ is able to be written as $z = exp(2pi i t)$ for $tinmathbbR$ (we don't strictly need the factor $2pi$ here, but it's traditional). Due to $exp(x)$ being periodic, it's in fact enough to have $tin[0,1)$.
This has an obvious group structure, in that:
$$exp(2pi i t_0)exp(2pi i t_1) = exp(2pi i (t_0+t_1))$$
If we're making the restriction that $t_iin[0,1)$, then we have to take $t_0+t_1mod 1$, but this is fairly standard.
More than just having an obvious group structure, we actually have that any $mathbbZ_p^*$ injects into it.
Specifically, we always have:
$$
phi_p:mathbbZ_p^*to S^1,quad phi_p(x) = exp(2pi i x/(p-1))
$$
Here, $p-1$ in the denominator is because $|mathbbZ_p^*| = p-1$.
We can define the discrete logarithm problem for both of these groups in the standard way (here, it's important to restrict $t_iin[0, 1)$ if we want a unique answer).
Then, we can relate these problems to each via the aforementioned injection.
Through this image, we see that $S^1$ is "continuous" in the sense that it takes up the full circle, but the image of $mathbbZ_p^*$ in $S^1$ will always be "discrete" --- there will always be "some space" between points (they can't get arbitrarily close).
answered 4 mins ago
MarkMark
1534
$endgroup$
While I agree completely with poncho's answer, this other viewpoint might be useful.
Specifically, I think a better comparison isn't between $mathbbZ_p^*$ and $mathbbR^*$, but with $mathbbZ_p^*$ and $S^1$. We can view $S^1 cong zinmathbbC mid $. It's not hard to show that any $zin S^1$ is able to be written as $z = exp(2pi i t)$ for $tinmathbbR$ (we don't strictly need the factor $2pi$ here, but it's traditional). Due to $exp(x)$ being periodic, it's in fact enough to have $tin[0,1)$.
This has an obvious group structure, in that:
$$exp(2pi i t_0)exp(2pi i t_1) = exp(2pi i (t_0+t_1))$$
If we're making the restriction that $t_iin[0,1)$, then we have to take $t_0+t_1mod 1$, but this is fairly standard.
More than just having an obvious group structure, we actually have that any $mathbbZ_p^*$ injects into it.
Specifically, we always have:
$$
phi_p:mathbbZ_p^*to S^1,quad phi_p(x) = exp(2pi i x/(p-1))
$$
Here, $p-1$ in the denominator is because $|mathbbZ_p^*| = p-1$.
We can define the discrete logarithm problem for both of these groups in the standard way (here, it's important to restrict $t_iin[0, 1)$ if we want a unique answer).
Then, we can relate these problems to each via the aforementioned injection.
Through this image, we see that $S^1$ is "continuous" in the sense that it takes up the full circle, but the image of $mathbbZ_p^*$ in $S^1$ will always be "discrete" --- there will always be "some space" between points (they can't get arbitrarily close).
answered 4 mins ago
MarkMark
1534
answered 4 mins ago
MarkMark
1534
answered 4 mins ago
MarkMark
1534
answered 4 mins ago
MarkMark
1534
1534
add a comment |
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68801%2fwhy-was-the-term-discrete-used-in-discrete-logarithm%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
$begingroup$
Traditional logarithm: answer is a real or complex number. Discrete logarithm: answer is an element of a finite set $mathbbZ_n$.
$endgroup$
– Mikero
34 mins ago